QUESTION 161 Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. DC1 has all of the operations master roles installed. You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1. You need to ensure that you can use Password Settings objects (PSOs) in the domain. What should you do?

QUESTION 162 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort. What should you do?

QUESTION 163 You have a server named Server1 that runs Windows Server 2012 R2. Server1 fails. You identify that the master boot record (MBR) is corrupt. You need to repair the MBR. Which tool should you use?

QUESTION 164 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. You configure a user named User1 as a delegated administrator of DC10. You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails. What should you do?

A. Add User1 to the Domain Admins group. B. On DC10, run ntdsutil and configure the settings in the Roles context. C. Run repadmin and specify the /prp parameter. D. On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).

Answer: D Explanation: Modify the following policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally Note: * User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer. * Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 165 You perform a full installation of Windows Server 2012 R2 on a virtual machine named Server1. You plan to use Server1 as a reference image. You need to minimize the amount of storage space used by the Windows Server 2012 R2 installation. Which cmdlet should you use?

QUESTION 166 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured to provide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease. You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2. On Server1, you configure Scopel for DHCP failover. You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days. You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the lease duration is one day. The solution must ensure that other computers that receive IP addresses from Server2 have a lease duration of eight days. What should you do?

A. On Server2, right-click Scope1, and then click Reconcile. B. On Server1, right-click Scope1, and then click Replicate Scope. C. On Server2, create a new DHCP policy. D. On Server1, delete Policy1, and then recreate the policy.

QUESTION 167 You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. Some users report that they fail to authenticate to the AD FS infrastructure. You discover that only users who run third-party web browsers experience issues. You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. Which Windows PowerShell command should you run?

Answer: A Explanation: A. Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server proxy to authenticate with its associated federation server. B. Specifies a policy rule set that can be used to establish authorization permissions for setting up trust proxies. The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to register a federation server proxy with the Federation Service. C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes). D. pecifies the level of extended protection for authentication supported by the federation server. Extended Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client’s credentials and forwards them to a server. http://technet.microsoft.com/zh-cn/library/ee892317.aspx

QUESTION 168 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. The domain contains a domain controller named DC1. Server1 contains three shared folders. The folders are configured as shown in the following table. Folder2 has a conditional expression of User.Department= = MMarketing”. You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and \\Server1\folder3. You verify the group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.) You verify the organization information of User1 as shown in the Organization exhibit. (Click the Exhibit button.) You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.) You need to ensure that User1 can access the contents of \\Server1\folder2. What should you do?

A. From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring setting to Always provide claims. B. Change the department attribute of User1. C. Grant the Full Control NTFS permissions on Folder2 to User1. D. Remove Userl1from the Accounting global group.

QUESTION 169 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. The Branch site contains a perimeter network. For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

QUESTION 170 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed. You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1. What should you do on Server2?

A. From a command prompt, run fsutil.exe. B. From Windows PowerShell, run Install-ADFSFarm. C. From Server Manager, install the Federation Service Proxy. D. From Server Manager, install the AD FS Web Agents.

QUESTION 151 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. The Branch site contains a member server named Server1 that runs Windows Server 2012 R2. You need to identify which domain controller authenticated the computer account of Server1. What should you do?

A. Verify the value of the %LOGONSERVER% environment variable. B. Run nltest /sc_query. C. Verify the value of the %SESSIONNAME% environment variable. D. Run nltest /dsgetsite.

QUESTION 152 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a file server that has the Hyper-V server role installed. Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E. You plan to replace drive E with a larger volume. You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced. What should you do?

A. Perform a quick migration. B. Add Server1 and Server2 as nodes in a failover cluster. C. Perform a live migration. D. Perform a storage migration.

QUESTION 153 Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2. File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day. You discover that volume D is almost full. You add a new volume named H to File1. You need to ensure that the shadow copies of volume D are stored on volume H. Which command should you run?

Answer: D Explanation: A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system. B. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume. C. Sets or changes the file system label of an existing volume -Path Contains valid path information. D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. AddShadowStroage Adds a shadow copy storage association for a specified volume. http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 154 Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. You plan to deploy a federation server proxy to a server named Server2 in the perimeter network. You need to identify which value must be included in the certificate that is deployed to Server2. What should you identify?

A. The FQDN of the AD FS server B. The name of the Federation Service C. The name of the Active Directory domain D. The public IP address of Server2

QUESTION 155 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. You are creating a file management task as shown in the exhibit. (Click the Exhibit button.) You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data. What should you do?

A. Modify the properties of the System Files file group. B. Create a new classification property. C. Create a new file group. D. Modify the Folder Usage classification property.

QUESTION 156 Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster. A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed. You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com. Which type of trust policy should you create?

QUESTION 157 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. The Branch site contains a perimeter network. For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

Answer: A Explanation: Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory. Note: * Notes Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter. * Example Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller. C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica Incorrect: Not B: There already is a branch site. Reference: Add-ADDSReadOnlyDomainControllerAccount

QUESTION 158 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. You configure a user named User1 as a delegated administrator of DC10. You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails. What should you do?

A. Add User1 to the Domain Admins group. B. Modify the properties of the DC10 computer account. C. Run repadmin and specify /replsingleobject parameter. D. On DC10, modify the User Rights Assignment in Local Policies.

Answer: D Explanation: Modify the following policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally Note: * User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer. * Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 159 Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest functional level is Windows Server 2012 R2. You have a domain controller named DC1. On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?

QUESTION 160 Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2. DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone. You need to log the zone transfer packets sent between DNS1 and DNS2. What should you configure?

QUESTION 51 You are planning the deployment of System Center 2012 Virtual Machine Manager (VMM). You need to identify which additional System Center 2012 product is required to meet the visualization requirements. What should you include in the recommendation?

QUESTION 54 You need to recommend a solution for managing updates. The solution must meet the technical requirements. What should you include in the recommendation?

A. A System Center 2012 Configuration Manager management point in the main office and a System Center 2012 Configuration Manager distribution point in each office. B. A System Center 2012 Configuration Manager management point in the main office and a WSUS downstream server in each office. C. A System Center 2012 Configuration Manager software update point in the main office and a System Center 2012 Configuration Manager distribution point in each office. D. A WSUS upstream server in and a WSUS downstream server in each office.

QUESTION 55 You need to recommend an automated remediation solution for the ReliableTimeSource registry value. The solution must meet the technical requirements. What should you include in the recommendation?

QUESTION 59 You need to recommend a solution for deploying the web servers for the CRM application. The solution must meet the visualization requirements. What should you include in the recommendation?

QUESTION 41 Your network contains the following: – 20 Hyper-V hosts – 100 virtual machines – 2,000 client computers You need to recommend an update infrastructure design to meet the following requirements: – Deploy updates to of the all virtual machines and the client computers from a single console. – Generate reports that contain a list of the applied updates. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 42 Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure. You deploy a service named Service1 by using a service template. Service1 contains two virtual machines. The virtual machines are configured as shown in the following table. You need to recommend a monitoring solution to ensure that an administrator can review the availability information of Service1. What should you do?

A. From Configuration Manager, create a Collection and a Desired Configuration Management baseline. B. From Virtual Machine Manager (VMM), modify the properties of the service template. C. From Operations Manager, create a Distributed Application and a Monitor Override. D. From Operations Manager, create a Distributed Application and a Service Level Tracking object.

QUESTION 43 Your company has three main offices named Main1, Main2, and Main3. The network contains an Active Directory domain named contoso.com. Each office contains a help desk group. You plan to deploy Microsoft System Center 2012 Configuration Manager to meet the following requirements: – The members of the Domain Admins group must be able to manage all of the Configuration Manager settings. – The help desk groups must be able to manage only the client computers in their respective office by using Configuration Manager. You need to recommend a Configuration Manager infrastructure to meet the requirements. Which infrastructure should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. One site that contains a collection for each office B. Three sites that each contain one collection C. Three sites that contain one collection for each office D. One site that contains one collection

Answer: A

QUESTION 44 Your network contains a data center named DataCenter1 that contains multiple servers. The servers are configured as Hyper-V hosts. Your company deploys a disaster recovery site. The disaster recovery site has a dedicated connection to DataCenter1. The network is connected to the disaster recovery site by using a dedicated link. DataCenter1 contains 10 business critical virtual machines that run a line-of-business application named Appl. You need to recommend a business continuity solution to ensure that users can connect to App1 within two hours if DataCenter1 fails. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 45 You have a failover cluster named Cluster1 that contains four Hyper-V hosts. Cluster1 hosts 20 virtual machines. You deploy a new failover cluster named Cluster2. You plan to replicate the virtual machines from Cluster1 to Cluster2. You need to recommend which actions must be performed on Cluster2 for the planned deployment. Which three actions should you recommend? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: * Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as a built-in replication mechanism at a virtual machine (VM) level. Hyper-V Replica can asynchronously replicate a selected VM running at a primary site to a designated replica site across LAN/WAN. *Step 1: Prepare to Deploy Hyper-V Replica 1.1. Make basic planning decisions 1.2. Install the Hyper-V server role 1.3. Configure the firewall 1.4. Configure Hyper-V Replica Broker Step2: Step 2: Enable Replication 2.1 Configure the Replica server 2.2. Configure a Replica server that is part of a failover cluster (optional) 2.3 Enable replication for virtual machines Each virtual machine that is to be replicated must be enabled for replication. 2.4 Configure primary server to receive replication Reference: Deploy Hyper-V Replica

QUESTION 46 Your network contains an Active Directory domain named contoso.com. The domain contains several domain controllers. The domain controllers run either Windows Server 2012 or Windows Server 2008 R2. The domain functional level is Windows Server 2008 R2. The forest functional level is Windows Server 2008. The corporate compliance policy states that all items deleted from Active Directory must be recoverable from a Recycle Bin. You need to recommend changes to the current environment to meet the compliance policy. Which changes should you recommend? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 47 Your company has a main office and a branch office. You plan to implement a failover cluster named Cluster1 to host an application named Appl. The data of App1 will replicate to all of the nodes in Cluster1. Cluster1 will contain two servers. The servers will be configured as shown in the following table. The cluster nodes will not use shared storage. The branch office contains two file servers named Server3 and Server4. You need to ensure that App1 fails over automatically to another server if a single node in Cluster1 fails. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

A. Add Server1, Server2, and Server3 to a Network Load Balancing (NLB) cluster. B. Add 5erver3 as a file share witness for Cluster1. C. Add Server3 and Server4 to a new failover cluster named Cluster2. Install App1 on Cluster2. D. Add Server3 as a node in Cluster1.

Answer: B

QUESTION 48 Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 has the iSCSI Target Server role service installed and is configured to have five iSCSI virtual disks. You install the Multipath I/O (MPIO) feature on Server2. From the MPIO snap-in, you add support for iSCSI devices. You need to ensure that Server2 can connect to the five iSCSI disks. The solution must ensure that Server2 uses MPIO to access the disks. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: * (Step 1) On the Specify Access Servers page, click Add to specify the iSCSI initiator that will access your iSCSI virtual disk. Doing this opens the Add Initiator ID dialog box * (Step 2): CONFIGURE ISCSI INITIATOR ON CLUSTER-NODES Start the iScsi Initiator control panel by running iscsicpl on the command line. You will see a warning about the iScsi Initiator Service. Click Yes to start the service. The properties screen will appear. Type the Target Server (in this scenario the DC) IP address in the Target box and click Quick Connect. The two targets are shown in the dialog box. Click Done. In the iScsi Initiator Properties screen you see the two targets with status Inactive. Highlight the first one and click the Properties button. In the Properties screen click the Add Session button. In the Connect to Target popup window you will get select Enable multi-path and click Advanced. (Step 3). Reference: Creating a Windows Server 2012 Multipath I/O iScsi Fail-over Cluster

Case Study No 1 Contoso Ltd (QUESTION 49 – QUESTION 59)

Overview Contoso, Ltd. is a recruiting and staffing company that has offices throughout North America. The company has a main office and six branch offices. The main office is located in Miami. The branch offices are located in New York, Seattle, Los Angeles, Montreal, Toronto, and Vancouver.

Existing Environment

Network Infrastructure The network contains one Active Directory domain named contoso.com. The main office has the following servers: * One file server that maintains multiples shares * Two domain controllers configured as DNS servers * One Windows Server Update Services (WSUS) server * Two DHCP servers that each have a scope for all of the subnets * Two servers that have Failover Clustering configured and are used as virtualization hosts * One server that has Microsoft SQL Server 2012 installed and maintains a customer relationship management (CRM) database Each branch office has the following servers: * One domain controller configured as a DNS server * One DHCP server that has a single scope for its respective office Each office has a single subnet. The network speed of the local area network (LAN) is 1 gigabit per second. All of the offices have a high-speed connection to the Internet. The offices connect to each other by using VPN appliances.

Current Issues Users report that it can take a long time to download files from network shares in the main office. A root cause analysis identifies that network traffic peaks when the users experience this issue.

Requirements

Planned Changes The company plans to implement the following changes: * Replace all of the domain controllers with new servers that run Windows Server 2012. * Upgrade the CRM application to use a web-based application that connects to the current CRM database. The web application will store session data in the memory of each web server. * Initially, deploy two front-end web servers to two virtual machines. Additional virtual web servers will be deployed in the future. * Monitor the availability of the CRM application and create alerts when the overall availability is less than 99 percent. * Implement Microsoft System Center 2012 to manage the new environment.

Business Requirements The company identifies the following business requirements:

* Minimize hardware costs and software costs whenever possible. * Minimize the amount of network traffic over the VPN whenever possible. * Ensure that the users in the branch offices can access files currently on the main office file server if a Internet link fails.

Technical Requirements

The company identifies the following technical requirements: * Provide a highly available DHCP solution. * Maintain a central database that contains the security events from all of the servers.The database must be encrypted. * Ensure that an administrator in the main office can manage the approval of Windows updates and updates to third-party applications for all of the users. * Ensure that all of the domain controllers have the ReliableTimeSource registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Param eters set to 1, even if an administrator changes that value manually.

Virtualization Requirements The company identifies the following virtualization requirements:

* Minimize the number of permissions and privileges assigned to users. * Ensure that the members of a group named Group2 can add a WSUS server to the fabric. * Ensure that a diagram view of the virtualization environment can be generated dynamically. * Minimize the amount of administrative effort required to manage the virtualization environment. * Prevent the failure of a front-end web server from affecting the availability of the CRM application. * Ensure that the members of a group named Group1 can create new virtual machines in the Los Angeles office only. * Only create virtual machine templates by using objects that already exist in the System Center 2012 Virtual Machine Manager (VMM) library. * On the failover cluster in the main office, apply limited distribution release (LDR) updates to the virtualization hosts without disrupting the virtual machines hosted on the virtualization hosts.

QUESTION 49 You are planning the delegation for the virtualization environment. The delegation must meet the virtualization requirements. Which user role profile should you select for Group2?

QUESTION 31 Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System center 2012 infrastructure. The domain contains the computers configured as shown in the following table. You need to implement a monitoring solution that gathers the security logs from all of the computers in the domain. Which monitoring solution should you implement? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 32 Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure. All client computers have a custom application named App1 installed. App1 generates an Event ID 42 every time the application runs out of memory. Users report that when App1 runs out of memory, their client computer runs slowly until they manually restart App1. You need to recommend a solution that automatically restarts App1 when the application runs out of memory. What should you include in the recommendation?

QUESTION 33 Your company has a human resources department and a finance department. You are planning an administrative model for both departments to meet the following requirements: * Provide human resources managers with the ability to view the audit logs for the files of their department. * Ensure that only domain administrators can view the audit logs for the files of the finance department. You need to recommend a solution for the deployment of file servers for both departments. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Deploy two file servers. Add the human resources managers to the local Administrators group on one of the servers. B. Deploy two file servers. Add the human resources managers to the local Event Log Readers group on one of the servers. C. Deploy one file server. Add the human resources managers to the local Administrators group. D. Deploy one file server. Add the human resources managers to the local Event Log Readers group.

Answer: B

QUESTION 34 Your network contains a Microsoft System Center 2012 infrastructure. You use Virtual Machine Manager (VMM) to manage 20 Hyper-V hosts. You deploy a Windows Server Update Services (WSUS) server. You need to automate the remediation of non-compliant Hyper-V hosts. The solution must minimize the amount of time that virtual machines are unavailable. What should you do first?

A. Install the WSUS Administration console on the VMM server, and then add the WSUS server to the fabric. B. Configure the Hyper-V hosts to download Windows updates from the WSUS server by using a Group Policy object (GPO). C. Configure the Hyper-V hosts to download Windows updates from the VMM server by using a Group Policy object (GPO). D. Install the Virtual Machine Manager console on the WSUS server, and then add the WSUS server to the fabric.

Answer: B

QUESTION 35 Your network contains an internal network and a perimeter network. The internal network contains an Active Directory domain named contoso.com. All client computers in the perimeter network are part of a workgroup. The internal network contains a Microsoft System Center 2012 infrastructure. You plan to implement an update infrastructure to update the following: * Windows Server 2012 * System Center 2012 * Windows Server 2003 * Microsoft SQL Server 2012 * Third-party visualization hosts * Microsoft SharePoint Server 2010 Another administrator recommends implementing a single WSUS server to manage all of the updates. You need to identify which updates can be applied by using the recommended deployment of WSUS. What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

Answer: BCDE Explanation: * Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS runs on Windows Server and is free to licensed Microsoft customers. * The first version of WSUS was known as Software Update Services (SUS).[2] It only delivered hotfixes and patches for Microsoft operating systems. WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure allows automatic downloads of updates, hotfixes, service packs, device drivers and feature packs to clients in an organization from a central server(s).

QUESTION 36 Your network contains an Active Directory domain named contoso.com. You plan to implement Microsoft System Center 2012. You need to identify which solution automates the membership of security groups for contoso.com. The solution must use workflows that provide administrators with the ability to approve the addition of members to the security groups. Which System Center 2012 roles should you identify?

QUESTION 37 Your network contains 10 servers that run Windows Server 2012. The servers have the Hyper-V server role installed. The servers host a Virtual Desktop Infrastructure (VDI) that contains persistent virtual machines. Each virtual machine is assigned to a specific user. Users can install software on their specific virtual machine. You need to implement a solution to generate monthly reports that contain a list of all the installed software on the virtual machines. The solution must NOT require the installation of additional software on the virtual machines. Which solution should you implement?

QUESTION 38 Your network contains 20 servers that run Windows Server 2012. The servers have the Hyper-V server role installed. You plan to deploy a management solution. You need to recommend which Microsoft System Center 2012 roles must be deployed to meet the following requirements: * An administrator must be notified when an incident occurs, such as a serious error in the event log, on a Hyper-V host, or on a virtual machine. * An administrator must be able to assign an incident to a specific administrator for resolution. * An incident that remains unresolved for more than 10 hours must be escalated automatically to another administrator. * Administrators must be able to generate reports that contain the details of incidents and escalations. Which System Center 2012 roles should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 39 Your network contains an Active Directory domain named contoso.com. The domain contains a Hyper-V host named Server1. Server1 has an offline virtual machine named VM1 that is stored on a virtual hard disk named VMl.vhd. You plan to implement multiple virtual machines that have the same configurations as VM1. You need to recommend a virtual hard disk solution for the planned implementation. The solution must meet the following requirements: * Minimize the amount of time required to create the new virtual machines. * Minimize the amount of storage space required on Server1. What should you include in the recommendation?

QUESTION 40 You plan to delegate the management of virtual machines to five groups by using Microsoft System Center 2012 Virtual Machine Manager (VMM). The network contains 20 Hyper-V hosts in a host group named HostGroup1. You identify the requirements for each group as shown in the following table. You need to identify which user role must be assigned to each group. Which user roles should you identify? To answer, drag the appropriate user role to the correct group in the answer area. Each user role may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer: Explanation: http://mountainss.wordpress.com/2011/11/19/user-roles-in-system-center-virtual-machine- manager-2012/ http://technet.microsoft.com/en-us/library/gg696971.aspx

QUESTION 21 Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and Server2 have the Hyper-V server role installed and are part of a host group named Group1 in Microsoft System Center 2012 Virtual Machine Manager (VMM). Server1 and Server2 have identical hardware, software, and settings. You configure VMM to migrate virtual machines if the CPU utilization on a host exceeds 65 percent. The current load on the servers is shown following table. You start a new virtual machine on Server2 named VM8. VM8 has a CPU utilization of 20 percent. You discover that none of the virtual machines hosted on Server2 are migrated to Server1. You need to ensure that the virtual machines hosted on Server2 are migrated to Server1. What should you modify from the Dynamic Optimization configuration?

QUESTION 22 Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) server named Server1. You use Server1 to manage 20 Hyper-V hosts. The network also contains five Citrix XenServer visualization hosts. You need to recommend which installation is required to manage the XenServer servers from Server1. What should you recommend installing?

QUESTION 23 Your network contains two data centers named DataCenter1 and DataCenter2. The two data centers are connected by using a low-latency high-speed WAN link. Each data center contains multiple Hyper-V hosts that run Windows Server 2012. All servers connect to a Storage Area Network (SAN) in their local data center. You plan to implement 20 virtual machines that will be hosted on the Hyper- V hosts. You need to recommend a hosting solution for the virtual machines. The solution must meet the following requirements: – Virtual machines must be available automatically on the network if a single Hyper-V host fails. – Virtual machines must be available automatically on the network if a single data center fails. What should you recommend?

A. One failover cluster and one Distributed File System (DFS) Replication group in each data center B. One failover cluster in DataCenter1 and Hyper-V replicas to DataCenter2 C. One failover cluster that spans both data centers and SAN replication between the data centers D. One failover cluster in DataCenter2 and one DFS Replication group in DataCenter1

Answer: C

QUESTION 24 You have a Hyper-V host named Hyper1 that has Windows Server 2012 Installed. Hyper1 hosts 20 virtual machines. Hyper1 has one physical network adapter. You need to implement a networking solution that evenly distributes the available bandwidth on Hyper1 to all of the virtual machines. What should you modify?

A. The Quality of Service (QoS) Packet Scheduler settings of the physical network adapter B. The settings of the network adapter C. The settings of the virtual switch D. The settings of the legacy network adapter

Answer: B

QUESTION 25 Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System center 2012 infrastructure. You deploy a second System Center 2012 infrastructure in a test environment. You create a service template named Template1 in both System Center 2012 infrastructures. For self-service users, you create a service offering for Template1. The users create 20 instances of Template1. You modify Template1 in the test environment. You export the service template to a file named Templatel.xml. You need to ensure that the changes to Template1 can be applied to the existing instances in the production environment. What should you do when you import the template?

A. Create a new service template. B. Overwrite the current service template. C. Change the release number of the service template. D. Change the name of the service template.

Answer: C

QUESTION 26 You plan to implement a virtualization solution to host 10 virtual machines. All of the virtual machines will be hosted on servers that run Windows Server 2012. You need to identify which servers must be deployed for the planned virtualization solution. The solution must meet the following requirements: – Minimize the number of servers. – Ensure that live migration can be used between the hosts. Which servers should you identify? To answer, select the appropriate servers in the answer area. Answer:

QUESTION 27 Your network contains an Active Directory domain named contoso.com. The corporate security policy states that when new user accounts, computer accounts, and contacts are added to an organizational unit (OU) named Secure, the addition must be audited. You need to recommend an auditing solution to meet the security policy. What should you include in the recommendation? (Each answer presents part of the solution. Choose all that apply.)

A. From the Default Domain Controllers Policy, enable the Audit directory services setting. B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit directory services setting. C. From the Secure OU, modify the Auditing settings. D. From the Default Domain Controllers Policy, enable the Audit object access setting. E. From the Secure OU, modify the Permissions settings. F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit object access setting.

Answer: AB Explanation: * Creating a New Object: Resulting in multiple Event ID 5137 entries containing all attributes provided explicitly by the security principal that invoked the operation (but not those automatically generated by the system). Note that similar information also gets recorded if audit of User Account Management or Directory Service Access is enabled.

QUESTION 28 Your company has 10,000 users located in 25 different sites. All servers run Windows Server 2012. All client computers run either Windows 7 or Windows 8. You need to recommend a solution to provide self-service password reset for all of the users. What should you include in the recommendation?

QUESTION 29 Your company has a human resources department, a finance department, a sales department, and an R&D department. The company audits the access of documents that contain department-specific sensitive information. You are planning an administrative model for the departments to meet the following requirements: * Provide R&D managers with the ability to back up all the files of their department only. * Provide finance managers with the ability to view the audit logs for the files of their department only. * Provide human resources managers with the ability to view the audit logs for the files of their department only. * Provide sales managers with the ability to modify the permissions on all the shared folders of their department only. You need to identify the minimum amount of file servers required on the network to meet the requirements of each department. How many file servers should you identify?

QUESTION 30 Your company has a main office and a branch office. Each office contains several hundred computers that run Windows 2012. You plan to deploy two Windows Server Update Services (WSUS) servers. The WSUS servers will be configured as shown in the following table. You need to implement the WSUS infrastructure to meet the following requirements: ?All updates must be approved from a server in the main office. ?All client computers must connect to a WSUS server in their local office. What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A. Deploy a Group Policy object (GPO) that has the update location set to Server1. B. On Server2, configure WSUS in Replica mode. C. On Server1, configure WSUS in Replica mode. D. On Server2, configure WSUS in Autonomous mode. E. Deploy a Group Policy object (GPO) that has the update location set to Server2. F. On Server1, configure WSUS in Autonomous mode.

QUESTION 11 Your network contains an Active Directory Rights Management Services (AD RMS) cluster named Cluster1. You plan to change Cluster1 to a new AD RMS cluster named Cluster2. You need to ensure that all users retrieve the location of the AD RMS templates from Cluster2. What should you do?

A. Create an alias (CNAME) record named clusterl.contoso.com that points to Cluster2. B. Modify the Service Connection Point (SCP). C. Modify the templates file location of the rights policy templates. D. Modify the exclusion policies.

Answer: B

QUESTION 12 Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS). Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted email messages. You need to ensure that the client computers in both Contoso and Fabrikam trust each other’s email certificates. The solution must prevent other certificates from being trusted. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

A. Implement an online responder in each company. B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs). C. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs). D. Implement cross-certification in each company.

Answer: D

QUESTION 13 Your network contains an Active Directory domain named contoso.com. Your company has an enterprise root certification authority (CA) named CA1. You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl. The company purchases a Microsoft Office 365 subscription. You plan register the company’s SMTP domain for Office 365 and to configure single sign-on for all users. You need to identify which certificate or certificates are required for the planned deployment. Which certificate or certificates should you identify? (Each correct answer presents a complete solution. Choose all that apply.)

A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1 C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1 D. a server authentication certificate that is issued by CA1 and that contains the subject name serverl.contoso.com E. self-signed server authentication certificates for serverl.contoso.com

Answer: DE Explanation: Use the full name. The subject name is commonly represented by using an X.500 or Lightweight Directory Access Protocol (LDAP) format.

QUESTION 14 Your network contains an Active Directory domain named contoso.com. The network contains two servers named Server1 and Server2. You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can issue certificates based on certificate templates. What should you do?

A. On Server1, install the Network Device Enrollment Service role service. B. Configure Server2 as a standalone subordinate CA. C. On Server1, uninstall, and then reinstall AD CS. D. On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.

Answer: A

QUESTION 15 Your network contains an Active Directory domain named contoso.com. You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers. You need to identify which technology or technologies must be deployed on the network before you install the federation servers. Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

Answer: AD Explanation: Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment: * (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers. * (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time. * If you will be deploying multiple federation servers at the same time or you know that you will be adding more servers to the farm over time, consider creating a server image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly. * Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned a static IP address. Reference: When to Create a Federation Server Farm

QUESTION 16 Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server role installed. Serve1l is configured as an offline standalone root certification authority (CA). You install the Active Directory Certificate Services server role on Server2 and configure the server as an enterprise subordinate CA. You need to ensure that the certificate issued to Server2 is valid for 10 years. What should you do first?

QUESTION 17 Your company has an office in New York. Many users connect to the office from home by using the Internet. You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the internal network. You need to ensure that the certificate revocation list (CRL) is available to all of the users. What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A. Create a scheduled task that copies the CRL files to a Web server. B. Run the Install-ADCSWebEnrollment cmdlet. C. Run the Install-EnrollmentPolicyWebService cmdlet. D. Deploy a Web server that is accessible from the Internet and the internal network. E. Modify the location of the Authority Information Access (AIA). F. Modify the location of the CRL distribution point (CDP).

Answer: ADF Explanation: D: access to CRLs for the ‘Internet scenario’ is fully supported and includes the following features: CRLs will be located on Web servers which are Internet facing. CRLs will be accessed using the HTTP retrieval protocol. CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pkiF: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP- HTTPS)-based connection, DirectAccess clients must be able to check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server. To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network location server. This procedure describes how to do the following: Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS) Configure permissions on the CRL distribution shared folder Publish the CRL in the CRL distribution shared folder Reference: Configure a CRL Distribution Point for Certificates

QUESTION 18 Your network contains five Active Directory forests. You plan to protect the resources in one of the forests by using Active Directory Rights Management Services (AD RMS) Users in all of the forests will access the protected resources. You need to identify the minimum number of AD RMS clusters required for the planned deployment. What should you identify?

A. One root cluster and five licensing clusters B. One licensing cluster and five root clusters C. Five root clusters D. Five licensing clusters

Answer: C

QUESTION 19 Your network contains a Hyper-V host named Host1. Host1 hosts 25 virtual machines. All of the virtual machines are configured to start automatically when Host1 restarts. You discover that some of the virtual machines fail to start automatically when Host1 restarts and require an administrator to start them manually. You need to modify the settings of the virtual machines to ensure that they automatically restart when Host1 restarts. Which settings should you modify?

A. Memory weight B. Maximum RAM C. Startup RAM D. Minimum RAM

Answer: C

QUESTION 20 Your network contains multiple servers that run Windows Server 2012. The network contains a Storage Area Network (SAN) that only supports Fibre Channel connections. You have two failover clusters. The failover clusters are configured as shown in the following table. You plan to implement 15 highly available virtual machines on Cluster2. All of the virtual machines will be stored in a single shared folder. You need to ensure that the VHD files of the virtual machines can be stored on the SAN. What should you do? (Each correct answer presents a complete solution. Choose all that apply.)

A. From a node in Cluster2, create a Virtual Fibre Channel SAN. B. From a node in Cluster1, create a Virtual Fibre Channel SAN. C. From Cluster1, add the iSCSI Target Server cluster role. D. From Cluster1, configure the clustered File Server role of the File Server for scale-out application data type.

Answer: AD Explanation: * After the virtual machines are connected to the storage system using the virtual Fibre Channel components shared storage can be used by each VM, which enables Hyper-V guest clustering. Before the virtual Fibre Channel features were available, Hyper-V guest machines were limited to iSCSI connections to enable shared storage for guest clustering. * A new feature in Windows Server 2012 Hyper-V is the ability to create a virtual Fibre Channel SAN. Each guest VM created on Windows Server 2012 includes a new option Add hardware Fibre Channel cards, which can be attributed to World Wide node names(WWNN) and select the virtual combine Virtual SAN Fibre Channel adapters.

QUESTION 1 Your network contains two clusters. The clusters are configured as shown in the following table. All of the servers in both of the clusters run Windows Server 2012. You need to plan the application of Windows updates to the nodes in the cluster. What should you include in the plan? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 2 Your network contains an Active Directory domain named contoso.com. The domain contains 20 servers that run Windows Server 2012. The domain contains a Microsoft System Center 2012 infrastructure. A web application named WebApp1 is installed on the 20 servers. You plan to deploy a custom registry key for WebApp1 on the 20 servers. You need to deploy the registry key to the 20 servers. The solution must ensure that you can verify whether the registry key was applied successfully to the servers. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

A. From Operations Manager, create a monitor. B. From the Group Policy Management console, create a Group Policy object (GPO). C. From Configuration Manager, create a Compliance Settings. D. From Orchestrator Runbook Designer, create a runbook.

QUESTION 3 Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that has the Hyper-V server role installed. Server1 hosts a virtual machine named VM1. You deploy a new standalone server named Server2. You install the Hyper-V server role on Server2. Another administrator named Admin1 plans to create a replica of VM1 on Server2. You need to ensure that Admin1 can configure Server2 to receive a replica of VM1. To which group should you add Admin1?

QUESTION 4 Your network contains servers that run Windows Server 2012. The network contains two servers named Server1 and Server2 that are connected to a SAS storage device. The device only supports two connected computers. Server1 has the iSCSI Target Server role service installed. Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via iSCSI targets on Server1. Currently, Server2 is used only to run backup software. You install the iSCSI Target Server role service on Server2. You need to ensure that the iSCSI targets are available if Server1 fails. Which five actions should you perform? To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx

QUESTION 5 Your network contains multiple servers that run Windows Server 2012. You plan to implement three virtual disks. The virtual disks will be configured as shown in the following table. You need to identify the minimum number of physical disks required for each virtual disk. How many disks should you identify? To answer, drag the appropriate number of disks to the correct virtual disk in the answer area. Each number of disks may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer: Explanation:

QUESTION 6 Your network contains five servers that run Windows Server 2012. You install the Hyper-V server role on the servers. You create an external virtual network switch on each server. You plan to deploy five virtual machines to each Hyper-V server. Each virtual machine will have a virtual network adapter that is connected to the external virtual network switch and that has a VLAN identifier of 1. Each virtual machine will run Windows Server 2012. All of the virtual machines will run the identical web application. You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual machine to an NLB cluster. The cluster will be configured to use unicast only. You need to ensure that the NLB feature can distribute connections across all of the virtual machines. What should you do?

A. From the properties of each virtual machine, add a second virtual network adapter. Connect the new virtual network adapters to the external virtual network switch. Configure the new virtual network adapters to use a VLAN identifier of 2. B. On each Hyper-V server, create a new private virtual network switch. From the properties of each virtual machine, add a second virtual network adapter. Connect the new virtual network adapters to the new private virtual network switches. C. On each Hyper-V server, create a new external virtual network switch. From the properties of each virtual machine, add a second virtual network adapter. Connect the new virtual network adapters to the new external virtual network switches. D. From the properties of each virtual machine, enable MAC address spoofing for the existing virtual network adapter.

Answer: D Explanation: MAC spoofing The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another network device. A user may wish to legitimately spoof the MAC address of a previous hardware device in order to reacquire connectivity after hardware failure. http://blogs.technet.com/b/jhoward/archive/2009/05/21/new-in-hyper-v-windows-server-2008-r2- part-2-macspoofing.aspx

QUESTION 7 Your network contains an Active Directory domain named contoso.com. You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012. Users use the name intranet.contoso.com to request the web site and use DNS round robin. You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2. You need to recommend changes to the DNS records for the planned implementation. What should you recommend?

A. Create one alias (CNAME) record named Intranet. Map the CNAME record to Intranet. B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server. C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2. D. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named Intranet.

QUESTION 8 Your network contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Hyper-V host. Server1 hosts a virtual machine named VM1. VM1 is configured as a file server that runs Windows Server 2012. VM1 connects to a shared storage device by using the iSCSI Initiator. You need to back up the files and the folders in the shared storage used by VM1. The solution must ensure that open files are included in the backup. What should you do?

A. From Hyper-V Manager, create a snapshot of VM1. B. From Server1, perform a backup by using Windows Server Backup. C. From VM1, perform a backup by using Windows Server Backup. D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.

QUESTION 9 Your network contains three networks named LAN1, LAN2, and LAN3. You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed. Hyper1 has three network adapters. The network adapters are configured as shown in the following table. Hyper1 hosts 10 virtual machines. A virtual machine named VM1 runs a line-of-business application that is used by all of the users of LAN1. All of the other virtual machines are connected to LAN2. You need to implement a solution to ensure that users can access VM1 if either NIC1 or NIC2 fails. What should you do?

A. From the properties of each virtual network adapter, enable network adapter teaming, and then modify the bandwidth management settings. B. From the properties of each virtual network adapter, enable network adapter teaming, and then enable virtual LAN identification. C. From the properties of each physical network adapter, enable network adapter teaming, and then add a second legacy network adapter to VM1. D. From the properties of each physical network adapter, enable network adapter teaming, and then create a virtual switch.

Answer: D

QUESTION 10 Your network contains an Active Directory domain named contoso.com. You deploy Microsoft System Center 2012 Virtual Machine Manager (VMM). The network contains five physical servers. The servers are configured as shown in the following table. You plan to use VMM to convert the existing physical servers to virtual machines. You need to identify which physical servers can be converted to virtual machines. Which servers should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 31 You deploy an Active Directory domain named contoso.com to the network. The domain is configured as an Active Directory-integrated zone. All domain controllers run Windows Server 2012 and are DNS servers. You plan to deploy a child domain named operations.contoso.com. You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain. What should you include in the recommendation?

A. A zone delegation for _msdcs.contoso.com B. Changes to the replication scope of contoso.com C. Changes to the replication scope of _msdcs.contoso.com D. Changes to the replication scope of operations.contoso.com Answer:B

Answer: B

QUESTION 32 Your network contains an Active Directory domain named contoso.com. You deploy several servers that have the Remote Desktop Session Host role service installed. You have two organizational units (OUs). The OUs are configured as shown in the following table. GPO1 contains the Folder Redirection settings for all of the users. You need to recommend a solution to prevent the sales users’ folders from being redirected when the users log on to a Remote Desktop session. What should you include in the recommendation?

A. From GPO2, set the loopback processing mode. B. Apply a WMI filter to GP02. C. Configure security filtering for GPO1. D. From GPO1, set the loopback processing mode.

Answer: A

QUESTION 33 Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2. All domain controllers run Windows Server 2008 R2. You plan to deploy a new line-of-business application named App1 that uses claims-based authentication. You need to recommend changes to the network to ensure that Active Directory can provide claims for App1. What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 34 Your company has two divisions named Division1 and Division2. The network contains an Active Directory domain named contoso.com. The domain contains two child domains named division1.contoso.com and division2.contoso.com. The company sells division1 to another company. You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in division1.contoso.com. What should you recommend?

A. Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in division1.contoso.com to contoso.secure. B. On the domain controller accounts in division1.contoso.com, deny the Enterprise Admins group the Allowed to Authenticate permission. C. Create a new forest and migrate the resources and the accounts in division1.contoso.com to the new forest. D. In division1.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control list (ACL) on the division1.contoso.com domain object.

Answer: C

QUESTION 35 Your network contains an Active Directory domain named contoso.com. On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard. What should you do?

A. Add a new class to the Active Directory schema. B. Configure a custom MMC console. C. Modify the Delegwiz.inf file. D. Configure a new authorization store by using Authorization Manager.

Answer: C

QUESTION 36 Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008. The forest contains three domain controllers. The domain controllers are configured as shown in the following table. DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com. The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012. You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC). You run the adprep.exe /rodcprep command on DC3 and receive the following error message: You need to identify what prevents you from successfully running Adprep /rodcprep on DC3. What should you identify?

A. The domain functional level of child.contoso.com is set to the wrong level. B. DC3 cannot connect to the infrastructure master on DC2. C. DC3 cannot connect to the domain naming master on DC1. D. The forest functional level is set to the wrong level.

Answer: B

QUESTION 37 Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains an Active Directory domain. The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest. A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003. You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest. What should you include in the design? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 38 Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8. You plan to implement several Group Policy settings that will apply only to laptop computers. You need to recommend a Group Policy strategy for the planned deployment. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 39 Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named 0U1. You have a Group Policy object (GPO) named GP01 that is linked to contoso.com. GPO1 contains custom security settings. You need to design a Group Policy strategy to meet the following requirements: * The security settings in GPO1 must be applied to all client computers. * Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1. What should you include in the design? More than one answer choice may achieve the goal. Select the BEST answer.

A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1. B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1. C. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1. D. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to 0U1.

Answer: C

QUESTION 40 A new company registers the domain name of contoso.com. The company has a web presence on the Internet. All Internet resources have names that use a DNS suffix of contoso.com. A third-party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet. The zone contains several hundred records. The company plans to deploy an Active Directory forest. You need to recommend an Active Directory forest infrastructure to meet the following requirements: * Ensure that users on the internal network can resolve the names of the company’s Internet resources. * Minimize the amount of administrative effort associated with the addition of new Internet servers. What should you recommend?

A. A forest that contains a root domain named contoso.com and another domain named ad.contoso.com B. A forest that contains a root domain named contoso.com and another domain named contoso.local C. A forest that contains a single domain named contoso.local D. A forest that contains a single domain named contoso.com

QUESTION 21 Your network contains an Active Directory forest named contoso.com. You plan to automate the deployment of servers that run Windows Server 2012. You identify the following requirements for the deployment: * Update the custom images that will be used for the deployment. * Add custom drivers to the images that will be used for the deployment. * Add software packages to the images that will be used for the deployment. * Perform a zero touch bare-metal installation that uses Wake On LAN. A network consultant recommends using Windows Deployment Services (WDS) and the Windows Assessment and Deployment Kit (Windows ADK) to deploy the servers. You need to identify which requirements are achieved by using the consultant’s recommendations. Which requirements should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

A. Add custom drivers to the images used for the deployment. B. Add software packages to the images used for the deployment. C. Update the custom images used for the deployment. D. Perform a zero touch bare-metal installation that uses Wake On LAN.

Answer: ABC

QUESTION 22 Your network contains an Active Directory forest named contoso.com. You plan to deploy 200 new physical servers during the next 12 months by using Windows Deployment Services (WDS). You identify four server builds for the 200 servers as shown in the following table. You need to recommend the minimum number of images that must be created for the planned deployment. How many images should you recommend?

A. 1 B. 2 C. 3 D. 4

Answer: A

QUESTION 23 Your network contains three servers named Server1, Server2, and Server3 that run Windows Server 2012. Server3 is connected to a disk storage array. You need to ensure that Server1 can store files on the storage array. The solution must ensure that Server1 can access the storage as a local disk. What should you configure on each server? To answer, drag the appropriate configuration to the correct location in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 24 Your company has a main office and four branch offices. The main office is located in London. The network contains an Active Directory domain named contoso.com. Each office contains one domain controller that runs Windows Server 2012. The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.) You discover that when a domain controller in a branch office is offline for maintenance, users in that branch office are authenticated by using the domain controllers in any of the sites. You need to recommend changes to Active Directory to ensure that when a domain controller in a branch office is offline, the users in that branch office are authenticated by the domain controllers in London. What should you include in the recommendation?

QUESTION 25 Your network contains an Active Directory domain named contoso.com. The physical topology of the network is configured as shown in the exhibit. (Click the Exhibit button.) Each office contains 500 employees. You plan to deploy several domain controllers to each office. You need to recommend a site topology for the planned deployment. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. Five sites and three site links B. Five sites and one site link C. Three sites and three site links D. One site

Answer: A

QUESTION 26 Your company has a main office and a branch office. The main office contains 2,000 users. The branch office contains 800 users. Each office contains three IP subnets. The company plans to deploy an Active Directory forest. You need to recommend an Active Directory infrastructure to meet the following requirements: * Ensure that the users are authenticated by using a domain controller in their respective office. * Minimize the amount of Active Directory replication traffic between the offices. Which Active Directory infrastructure should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Two domains and one site B. Two domains and two sites C. One domain and two sites D. One domain and six sites

Answer: B

QUESTION 27 Your network contains an Active Directory domain named contoso.com. The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.) DC1 and DC2 run Windows Server 2003 R2. All FSMO roles are located on DC2. You plan to deploy a read-only domain controller (RODC) to Site3. You need to recommend changes to the network to support the planned RODC implementation. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 28 Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012. You plan to clone DC1. You need to recommend which steps are required to prepare DC1 to be cloned. What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 29 Your network contains an Active Directory domain named contoso.com. Your company plans to open a branch office. The branch office will have 10 client computers that run Windows 8 and at least one server that runs Windows Server 2012. The server will host BranchCache files and manage print queues for the network print devices in the branch office. You need to recommend a solution to ensure that the users in the branch office can print if the branch office server fails. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 30 Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012. The users access a large report file that is created on Server1 each day. The company plans to open a new branch office. The branch office will contain only client computers. You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

A. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode. B. Configure the offline settings of the shared folder that contains the report. C. Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode. D. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder.

QUESTION 11 Your company has a main office.The network contains an Active Directory domain named contoso.com. The main office contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections. All client computers run Windows 7. The company plans to open a temporary office that will contain a server named Server2 that runs Windows Server 2012 and has the DHCP Server server role installed. The office will also have 50 client computers and an Internet connection. You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Manually distribute the CMAK package to each client computer in the temporary office. B. Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default gateway server option. C. Uses the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Use a Group Policy object (GPO) to distribute the CMAK package to each client computer in the temporary office. D. Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, configure a demand-dial interface. From DHCP on Server2, configure the default gateway server option.

Answer: B

QUESTION 12 Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012. All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain. All client computers receive IP addresses by using DHCP. You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements: * Verify whether the client computers have up-to-date antivirus software. * Provides a warning to users who have virus definitions that are out-of-date. * Ensure that client computers that have out-of-date virus definitions can connect to the network. Which NAP enforcement method should you recommend?

A. VPN B. DHCP C. IPsec D. 802.1x

Answer: B

QUESTION 13 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 resides in the perimeter network and has the Remote Access server role installed. Some users have laptop computers that run Windows 7 and are joined to the domain. Some users work from home by using their home computers. The home computers run either Windows XP, Windows Vista/ Windows 7, or Windows 8. You need to configure the computers for remote access. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 14 Your network contains multiple servers that run Windows Server 2012. All client computers run Windows 8. You need to recommend a centralized solution to download the latest antivirus definitions for Windows Defender. What should you include in the recommendation?

QUESTION 15 Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. All client computers run either Windows 7 or Windows 8. The corporate security policy states that all of the client computers must have the latest security updates installed. You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. Which Network Access Protection (NAP) enforcement method should you implement?

A. VPN B. DHCP C. IPsec D. 802.1x

Answer: D

QUESTION 16 You have a server named Server1 that runs Windows Server 2012. You have a 3-TB database that will be moved to Server1. Server1 has the following physical disks: You need to recommend a solution to ensure that the database can be moved to Server1. The solution must ensure that the database is available if a single disk fails. What should you include in the recommendation?

A. Add each disk to a separate storage pool. Create a mirrored virtual disk. B. Add two disks to a storage pool. Add the other disk to another storage pool. Create a mirrored virtual disk. C. Add all of the disks to a single storage pool, and then create two simple virtual disks. D. Add all of the disks to a single storage pool, and then create a parity virtual disk.

Answer: D

QUESTION 17 Your network contains an Active Directory domain named contoso.com. The domain contains 10 sites. The sites are located in different cities and connect to each other by using low-latency WAN links. In each site, you plan to implement Microsoft System Center 2012 Configuration Manager and to deploy multiple servers. You need to recommend which Configuration Manager component must be deployed to each site for the planned deployment. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. A management point B. A software update point C. A distribution group point D. A secondary site server that has all of the Configuration Manager roles installed Answer:C

Answer: B

QUESTION 18 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008. Server1 is configured as an enterprise certification authority (CA). You back up all of the data on Server1, and then export the private and public keys of the CA. You plan to replace Server1 with a new member server that was purchased recently. You need to identify which actions must be performed on the new server to restore the certificate services of Server1. Which three actions should you identify? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 19 Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012. You plan to create virtual machine templates to deploy servers by using the Virtual Machine Manager Self-service Portal (VMMSSP). To the Virtual Machine Manager (VMM) library, you add a VHD that has a generalized image of Windows Server 2012. You need to identify which VMM components must be associated with the image. Which components should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 20 Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008. You plan to implement Windows Server 2012. You need to create a report that includes the following information: * The servers that run applications and services that can be moved to Windows Server 2012 * The servers that have hardware that can run Windows Server 2012 * The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012 What should you do?

A. From an existing server, run the Microsoft Application Compatibility Toolkit (ACT). B. Install Windows Server 2012 on a new server, and then run the Windows Server Migration Tools. C. Install Windows Server 2012 on a new server, and then run Microsoft Deployment Toolkit (MDT) 2012. D. From an existing server, run the Microsoft Assessment and Planning (MAP) Toolkit.

QUESTION 1 Your company has a main office. The main office is located in a building that has 10 floors. A datacenter on the ground floor contains a Windows Server 2012 failover cluster. The failover cluster contains a DHCP server resource named DHCP1. All client computers receive their IP addresses from DHCP1. All client computers are part of the 131.107.0.0/16 IPv4 subnet. You plan to implement changes to the network subnets to include a separate subnet for each floor of the office building. The subnets will connect by using routers. You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can receive their IP configuration by using DHCP. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. Install a remote access server on each floor. Configure a DHCP relay agent on each new DHCP server. Create a scope for each subnet on DHCP1. B. Install a DHCP server on each floor. Create a scope for the local subnet on each new DHCP server. Enable DHCP Failover on each new DHCP server. C. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for each subnet on DHCP1. D. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for the 10.0.0.0/16 subnet on DHCP1.

Answer: C

QUESTION 2 You deploy an Active Directory domain named contoso.com to the network. The domain is configured as an Active Directory-integrated zone. All domain controllers run Windows Server 2012 and are DNS servers. You plan to deploy a child domain named operations.contoso.com. You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain. What should you include in the recommendation?

A. A zone delegation for _msdcs.contoso.com B. Changes to the replication scope of contoso.com C. Changes to the replication scope of _msdcs.contoso.com D. Changes to the replication scope of operations.contoso.com Answer:B

Answer: B

QUESTION 3 Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server. You plan to delegate the administration of IPAM as shown in the following table. You need to recommend which IPAM security group must be used for each department. The solution must minimize the number of permissions assigned to each group. What should you recommend? To answer, drag the appropriate group to the correct department in the answer area. Each group may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 4 Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012. The perimeter network contains an Active Directory forest named litware.com. You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012. Some users connect from outside the network to use Outlook Web App. You need to ensure that external users can authenticate by using client certificates. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 5 Your network contains an Active Directory domain named contoso.com. You plan to implement multiple DHCP servers. An administrator named Admin1 will authorize the DHCP servers. You need to ensure that Admin1 can authorize the planned DHCP servers. To which container should you assign Admin1 permissions? To answer, select the appropriate node in the answer area. Answer:

QUESTION 6 Your network contains an Active Directory forest named corp.contoso.com. All servers run Windows Server 2012. The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace. The network contains four DNS servers. The servers are configured as shown in the following table. All of the client computers on the perimeter network use Server1 and Server2 for name resolution. You plan to add DNS servers to the corp.contoso.com domain. You need to ensure that the client computers automatically use the additional name servers. The solution must ensure that only computers on the perimeter network can resolve names in the corp.contoso.com domain. Which DNS configuration should you implement on Server1 and Server2? To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 7 Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server 2008 R2 or Windows Server 2012. Your company uses IP Address Management (IPAM) to manage multiple DHCP servers. A user named User1 is a member of the IPAM Users group and is a member of the local Administrators group on each DHCP server. When User1 edits a DHCP scope by using IPAM, the user receives the error message shown in the exhibit. (Click the Exhibit button.) You need to prevent User1 from receiving the error message when editing DHCP scopes by using IPAM. What should you do? A. Add User1 to the DHCP Administrators group on each DHCP server. B. Add User1 to the IPAM Administrators group. C. Run the Set-IpamServerConfig cmdlet. D. Run the Invoke-IpamGpoProvisioning cmdlet.

Answer: B

QUESTION 8 Your network contains an Active Directory forest named corp.contoso.com. All servers run Windows Server 2012. The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace. The network contains four DNS servers. The servers are configured as shown in the following table. All of the client computers on the perimeter network use Server1 and Server2 for name resolution. You plan to add DNS servers to the corp.contoso.com domain. You need to ensure that the client computers automatically use the additional name servers. The solution must ensure that only computers on the perimeter network can resolve names in the corp.contoso.com domain. Which DNS configuration should you implement on Server1 and Server2? To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 9 Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess. The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network. You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement. What should you include in the recommendation?

A. Set the ISATAP State to state enabled. B. Enable split tunneling. C. Set the ISATAP State to state disabled. D. Enable force tunneling.

Answer: D

QUESTION 10 Your network contains an Active Directory domain. You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table. You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails. What should you do?

A. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster. B. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings. C. On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client. D. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.

QUESTION 381 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following BitLocker Drive Encryption (BitLocker) settings: You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run? To answer, select the appropriate options in the answer area. Answer:

QUESTION 382 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1. You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1. You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. What should you do?

Answer: C Explanation: To specify a separate access-denied message for a shared folder by using File Server Resource Manager See step 3 below. Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager. Expand File Server Resource Manager (Local), and then click Classification Management. Right-click Classification Properties, and then click Set Folder Management Properties. In the Property box, click Access-Denied Assistance Message, and then click Add. Click Browse, and then choose the folder that should have the custom access- denied message. In the Value box, type the message that should be presented to the users when they cannot a ccess a resource within that folder. You can add macros to the message that will insert customized text. The macros include: uk.co.certification.simulator.d.l@24b940d8 Click OK, and then click Close.

QUESTION 141 Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in the results. You need to ensure that the settings from site-linked GPOs appear in the results. What should you do first?

Answer: A Explanation: In this scenario a Windows 2012 server has been added to a Windows 2003 network. Note: * Before adding your new Windows 2012 Domain Controller, or attempting to perform an inplace upgrade of an existing Windows 2008 or 2008 R2 DC, you must make sure that the Schema is upgraded to support your new Windows 2012 DC, and that you prepare each domain where you plan to install Windows 2012 DCs. To do this we can use the ADPREP.exe tool found in the support\adprep folder on your installation media. * Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit version. * Adprep is the utility–included in the OS installation media–that performs several crucial functions to upgrade AD to support that OS. The utility has three major options: /forestprep, /domainprep, and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and attribute classes that the new AD version needs. The /domainprep option creates new well-known objects in AD, App1ies security changes, and miscellaneous other bits. Finally, /rodcprep makes forest-wide security changes to allow read-only domain controller (RODC) functionality. The Windows Server 2012 R2 version of adprep.exe can run on any server that runs a 64- bit version of Windows Server 2008 or later. Reference: How to add a Windows Server 2012 R2 domain controller to an existing Windows 2008 domain http://technet.microsoft.com/en-us/library/bb726995.aspxhttp://www.ipuptime.net/Multicast.aspxhttp://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspxhttp://en.wikipedia.org/wiki/Unique_local_address

QUESTION 142 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder. Corporate management requires that client computers only resolve names of contoso.com computers. You need to configure Server1 to resolve names in the contoso.com zone only. What should you do on Server1?

A. From DNS Manager, modify the root hints of Server1. B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet. C. From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet. D. From DNS Manager, modify the Advanced properties of Server1.

QUESTION 143 You have a server named Server1 that runs Windows Server 2012 R2. Each day, Server1 is backed up fully to an external disk. On Server1, the disk that contains the operating system fails. You replace the failed disk. You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (Windows RE). What should you use?

Answer: A Explanation: A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt. B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object). D. Starts a volume recovery operation.

QUESTION 144 You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty. Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow copies of volume D to be stored on volume E. What should you run?

Answer: C Explanation: A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system. B. Sets or changes the file system label of an existing volume -Path Contains valid path information. C. Displays current volume shadow copy backups and all installed shadow copy writers and providers. AddShadowStroage Adds a shadow copy storage association for a specified volume. D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume. http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 145 Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table. You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

A. DC1 B. DC2 C. DC3 D. Server1

Answer: D

QUESTION 146 You have a server named Server1 that runs Windows Server 2012 R2. Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the exhibit. You discover that only the last copy of the backup is maintained. You need to ensure that multiple backup copies are maintained. What should you do?

QUESTION 147 You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed. Server1 has a zone named contoso.com. You apply a security template to Server1. After you apply the template, users report that they can no longer resolve names from contoso.com. On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.) On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.) You need to ensure that users can resolve contoso.com names. What should you do?

A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule. B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone. C. From DNS Manager, unsign the contoso.com zone. D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone. E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.

Answer: E

QUESTION 148 Your network contains an Active Directory domain named corp.contoso.com. You deploy Active Directory Rights Management Services (AD RMS). You have a rights policy template named Template1. Revocation is disabled for the template. A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network. When User1 is disconnected from the corporate network, the user cannot open the protected content even if the user previously opened the content. You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network. What should you modify?

A. The User Rights settings of Template1 B. The templates file location of the AD RMS cluster C. The Extended Policy settings of Template1 D. The exclusion policies of the AD RMS cluster

QUESTION 149 Your company recently deployed a new Active Directory forest named contoso.com. The forest contains two Active Directory sites named Site1 and Site2. The first domain controller in the forest runs Windows Server 2012 R2. You need to force the replication of the SYSVOL folder from Site1 to Site2. Which tool should you use?

Answer: D Explanation: D. In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You can also force replication by using the Dfsrdiag SyncNow command. You can force polling by using the Dfsrdiag PollAD command. http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072

QUESTION 150 You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server?

QUESTION 131 You are employed as a network administrator at contoso.com . Contoso.com has an active directory domain named contoso.com All servers on the contoso.com network have Windows Server 2012 R2 installed. Contoso.com has a server named server1,which is configured as a file server. You have been instructed to enabled a feature that discovers and eradicates duplication within data without compromising its reliability or accuracy. Which of the following actions should you take?

A. You should consider having the Data Deduplication feature enabled. B. You should consider having the Storage Spaces feature enabled. C. You should consider having the Storage Management feature enabled. D. You should consider having the folder redirection feature enabled.

QUESTION 132 You are employed as a network administrator at contoso.com. contoso.com has a single Active Directory domain named contoso.com.All servers on the Contoso.com network have Windows Server 2012 R2 installed. Contoso.com has two servers,named server1 and server2 which are configured in a two-node fail over cluster. You are currently configuration the quorum settings for the cluster. You want to make use of a quorum mode that allows each node to vote if it is available and in communication. Which of the following is the mode you should use?

Answer: A Explanation: A. Allows each node to vote B. Allows each node and a disk witness to vote C. Allows each node and a File share witness to vote D. Allows one node with a specified disk to have quorum http://technet.microsoft.com/en-us/library/cc770620(v=ws.10).aspxQUESTION 133 You are employed as a network administrator at contoso.com. Contoso.com has a single Active Directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. You are preparing to install a third-party application on a contoso.com server,named SERVER1. You find that the application is unable to install completely due to its driver not being digitally signed. You want to make sure that the application can be installed succesfully. Which of the following actions should you take_?

A. You should consider downloading a signed driver B. You should consider having SERVER1 is restored to an earlier date C. You should consider making use of the Disable Driver Signature Enforcement option from the Advanced Boot Option. D. You should consider restarting SERVER1 in safe Mode

QUESTION 134 You are employed as a senior network administrator at contoso.com. Contoso.com has a single Active Directory Domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. You are running a training exercise for junior network administrator. You are currently discussing the Dnslint.exe tool. Which of the following should this tool be used for ? (Choose all that apply)

A. To help diagnose common DNS name resolution issues B. For developing scripts for configuring a DNS server C. To administer the DNS server Service. D. To look for specific DNS record set and sure that they are consistent across multiple DNS servers. E. To verify that DNS records used specifially for Active Directory replication are correct F. To Create and delete zones and resource records.

Answer: ADE Explanation: http://support.microsoft.com/kb/321045QUESTION 135 You work as an administrator at contoso.com. Contoso.com network consists of a single domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. Contoso.com has a server,named SERVER1,which has the AD DS,DHCP and DNS server roles installed.Contoso.com also has a server named SERVER2,which has the DHCP and Remote Access Server Role installed.You have configured a server,which has the File and Storage Services Server role installed.to automatically acquire an IP address.The server is named Server3 You then create a filter on SERVER1 Which of the following is a reason for this configuration?

A. To make sure that SERVER1 issues Server3 an IP address. B. To make sure that SERVER1 does not issue SERVER3 an IP address C. To make sure that SERVER3 acquires a constant IP address from SERVER2 only. D. To make sure that SERVER3 is configured with a static IP address

Answer: B Explanation: A. MAC Address Filtering allows the ability to Deny a MAC addresses to be issued a IP from the DHCP server B. Deny Filter would not allow SERVER1 to issue SERVER3 an IP C. A DHCP Reservation on SERVER2 would be needed for a constant IP D. QUESTION: states it is configure to automatically acquire IP http://technet.microsoft.com/en-us/library/cc779507(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/ee941155(v=ws.10).aspxQUESTION 136 You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. You have been instructed to configure a custom Windows Recovery Environmen(Windows RE) image that should allow for a drive is mapped automatically to a network share in the event that a server is started using the image Which of the following actions should you take?

A. You should consider configuring the startnet.cmd in the image B. You should consider configuring the startup.exe command included in the image. C. You should consider configuring the ntdsutil command included in the image D. You should consider configuring the certutil.exe command included in the image

Answer: A

QUESTION 137 You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. You are currently running a training exercise for junior network administrators.You are discussing the endpoint types supported by Active Directory Federation Services(AD FS) Which of the following are supported types?(Choose all that apply)

QUESTION 138 You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed The ABC.com domain has an Active Directory site configured in London,and an Active Directory site in New york. You have been instructed to make sure that the synchronization of account lockout data happens quicker.

A. You should consider editing the options attribute from WANLINK properties B. You should consider editing the options attribute from LANLIK properties C. You should consider editing the options attribute from the DEFAULTSITELINK properties D. You should consider editing the proxyAddressess attribute from the DEFAULTIPSITELINK properties.

QUESTION 139 You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has two servers,named SERVER1 and SERVER2 which are configured in a two-node failover cluster. Server1 includes a folder,named ABCAppData,which is configured as a Distributed File System (DFS) name space folder target. After configuring another two nodes in the failover cluster, you are instructed to make sure that access to ABC AppData is highly available. You also have to make sure that application data is replicated to ABCAppData via DFS replication. Which following actions should you take ?

A. You should consider configuring a scale-out File Server B. You should consider configuring the replication settings for the cluster C. You should consider configuring a file server for general use D. You should consider configuring the Quorum settings

Answer: A Explanation: http://technet.microsoft.com/en-us/library/hh831349.aspxQUESTION 140 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable. Which IPV6 scope prefix should you use?

A. FF00:: B. 2001:: C. FD00:123:4567:: D. FE80::

Answer: C Explanation: Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges: * They are not allocated by an address registry and may be used in networks by anyone without outside involvement. * They are not guaranteed to be globally unique. * Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS. As fd00::/8 ULAs are not meant to be routed outside their administrative domain (site or organization), administrators of interconnecting networks normally do not need to worry about the uniqueness of ULA prefixes.

QUESTION 121 you are employee as a network administrator at abc.com. ABC.com has an active directory domain named ABC.com All servers on the abc.com network have Windows Server 2012 R2 installed and all workstations have windows 8 enterprise installed. ABC.com has established a remote Active directory site that only host workstations.The Computer accounts for these workstations have been placed in an organizational unit (OU),named ABCADRemote,which has a group policy object(GPO) associated with it. You are in the process of configuration Branchcahce for the remote Active directory site. You have Already turned Branchcache on. Which of the following actions should you take next_?

A. You Should consider having the set Branchcache HostedServer Cache mode setting configured B. You Should consider having the set Branchcache Hostedclient Cache mode settting configured C. You Should consider having the set Branchcache distributed cache mode setting configured D. You should consider having the set BranchCache disabled cache mode settings configured

Answer: C

QUESTION 122 You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named ABC.com. ALL servers on the ABC.com network have Windows Server 2012 R2. ABC.com has a server,named server 1, which runs the windows deployment services server role. You make use of windows server backup to back up server 1. Subsequent to a disk array on server 1 becoming corrupt,you swap the disk array with new hardware. You now need to recover server1 in the shortest time conceivable. Which of the following actions should you take?

A. you should consider making use of the Windows Server 2012 R2 installation media to start server1 B. you should consider restoring server1 from a snapshot backup C. you should consider restoring server 1 from an incremental backup D. you should consider restoring server 1 from a differential backup

Answer: A

QUESTION 123 You are employed as a senior network administrator at ABC.com. ABC.com has an active directory domain named ABC.com. all servers on the abc.com network windows server2012 installed. You are currently running a training exercise for junior network administrators. You are discussing the PKISync.ps1 tool. Which of the following is true with regards to The PKISync.ps1?

A. it adds a certificate template to the CA B. it asssists administrators in diagnosing replication problems between windows domain controllers C. it is used to display information about the digital certificates that are installed on a directAccess client, DirectAcces server,or intranet resource D. it copies objects in the source forest to the target forest.

Answer: D

QUESTION 124 You are employed as a network administrator ABC.com. ABC.com has an active directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has a server named server1 which is configured as a DHCP server. You have created a superscope on server1. Which of the following describes reason for creating a superscope?(choose all that apply.)

A. To support DHCP clients on a single physical network segment where multiple logical ip networks are used. B. To allow for the sending of network traffic to a group of endpoints destination hosts. C. To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents. D. To provide fault tolerance

QUESTION 125 You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named ABC.com all servers including domain controllers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has its headquarters in London and an office in paris. The London Office has a domain controller named server1,which is configured as a writeable domain controller that servers as a Global catalog server and a DNS server. Server1 is configured to host an Active Directory-integrated zone for ABC.com The Paris office has a Read-Only domain controller (RODC) named server2 which servers as a Global catalog server. After installing the DNS server role on server2, you want to make sure that the ABC.com zone is replicated to server2 via active directory replication. Which of the following actions should you take?

A. You should consider making use of Active Directory Sites and Services to Configured replication B. You should consider making use of replmon.exe to configure replication. C. You should consider making use of repadmin.exe to configure replication D. You should consider making use of Active Directory Schema To configure replication

Answer: A

QUESTION 126 You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named. Abc.com all servers on the ABC.com network have Windows Server 2012 R2. You are running a training exercise for junior network administrators. You are currently discussing DHCP failover architecture. You have informed the trainees that DHCP servers can be deployed as fail over partners in either hot standby mode or load sharing mode. Which of the following is TRUE with regards to hot standby mode? (Choose all that apply)

A. It is when two servers function in a fail over relationship where an active server is responsible for leasing IP address and configuration data to all clients in a scope or subnet B. It when two servers in a fail over relationship server IP addresses and options to clients on a given subnet at the same time C. It is best suited to deployments where a data center server acts as a standby backup server to a server at a remote site D. It is best suited deployments where both servers in a fail over relationship are located at the same physical site

QUESTION 127 You are emloyed as a network administrator at ABC.com Abc.com has an Active directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2. The ABC.com domain has two Active Directory sites configured. You want to make use of change notification configure replication between these Active Directory Sites.You have opened DEFAULTIPSITELINK Properties to configure the necessary attribute. Which of the following is the attribute that needs to be configured?

QUESTION 128 You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has a server named SERVER1 which has been configured to run the HYPER-V server role Server1 is configures to host multiple vitrual mahines. When ABC.com acquires a server with a better hardware configuration to SERVER1 you are instructed to relocate the vitrual machines to the new server with as little interruptions as possible. Which of the following actions should you take ? (Choose all that apply.)

A. You should consider exporting the vitrual machines from Server1. B. You should consider running a snapshot backup of the SERVER1. C. You should consider importing the vitrual machine from Server1 to the new server. D. You shoul consider restoring the snapshot backup on the hard drives of the new server.

Answer: AC

QUESTION 129 You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain named contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed. A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its private key. You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,and private key regularly. You should not use a utility supplied by the hardware security module (HSM) creator. Which of the following actions should you take?

A. You should consider scheduling an incremental backup B. You Should consider making use of the certutil.exe command. C. You should consider schedulling a differential backup D. You should consider schedulling a copy backup

A. It is used to indicate the namespace to which the policy applies. B. It is used to indicate whether the DNS client should check for DNSSEC validation in the response. C. It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace. D. It is used to whether DNS connections over DNSSEC will use encryption

QUESTION 111 You manage an environment that has many servers. The servers run Windows Server 2012 R2 and use iSCSI storage. Administrators report that it is difficult to locate available iSCSI resources on the network. You need to ensure that the administrators can locate iSCSI resources on the network by using a central repository. Which feature should you deploy?

QUESTION 112 Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1. The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.) The Everyone group has the Full control Share permission to Folder1. You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.) Members of the IT group report that they cannot modify the files in Folder1. You need to ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. On the Classification tab of Folder1, set the classification to Information Technology. B. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group. C. On Share1, assign the Change Share permission to the IT group. D. On the Security tab of Folder1, remove the permission entry for the IT group. E. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.

Answer: AE Explanation: Central access policies for files enable organizations to centrally deploy and manage authorization policies that include conditional expressions that use user groups, user claims, device claims, and resource properties. (Claims are assertions about the attributes of the object with which they are associated). For example, to access high-business-impact (HBI) data, a user must be a full-time employee, obtain access from a managed device, and log on with a smart card. These policies are defined and hosted in Active Directory Domain Services (AD DS). http://technet.microsoft.com/en-us/library/hh846167.aspx

QUESTION 113 You have a server named File1 that runs Windows Server 2012 R2. Fuel has the File Server role service installed. You plan to back up all shared folders by using Microsoft Online Backup. You download and install the Microsoft Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup to back up data to Microsoft Online Backup. What should you do?

A. From Computer Management, add the File1 computer account to the Backup Operators group. B. From Windows Server Backup, run the Register Server Wizard. C. From a command prompt, run wbadmin.exe enable backup. D. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.

Answer: B Explanation: A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt. B. To register a server for use with Windows Azure Backup you must run the register server wizard http://technet.microsoft.com/en-us/library/hh831677.aspx

QUESTION 114 Your network contains an Active Directory domain named contoso.com. You are creating a custom Windows Recovery Environment (Windows RE) image. You need to ensure that when a server starts from the custom Windows RE image, a drive is mapped automatically to a network share. What should you modify in the image?

QUESTION 115 You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You need to ensure that users can access previous versions of files that are shared on Server1 by using the Previous Versions tab. Which tool should you use?

QUESTION 116 Your company has a main office and a branch office. The main office contains a file server named Server1. Server1 has the BranchCache for Network Files role service installed. The branch office contains a server named Server2. Server2 is configured as a BranchCache hosted cache server. You need to preload the data from the file shares on Server1 to the cache on Server2. You generate hashes for the file shares on Server1. Which cmdlet should you run next?

QUESTION 117 Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses. The solution must meet the following requirements: – The storage location of the DHCP databases must not be a single point of failure. – Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline. – Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline. Which configuration should you use?

QUESTION 118 Your company has a main office and a branch office. The main office is located in Detroit. The branch office is located in Seattle. The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7 Enterprise or Windows 8 Enterprise. The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client computers. All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU. You need to configure BranchCache for the branch office. Answer:

QUESTION 119 You have a server named Server 1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2. You create a network adapter team named Team1 from two of the adapters connected to LAN1. You create a network adapter team named Team2 from the two adapters connected to LAN2. A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP. You need to identify how many DHCP reservations you must create for Server1. How many reservations should you identify?

QUESTION 120 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. IPAM is configured currently for Group Policy-based provisioning. You need to change the IPAM provisioning method on Server1. What should you do?

QUESTION 101 You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?

QUESTION 102 You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Shadows copies are enabled on all volumes. You need to delete a specific shadow copy. The solution must minimize server downtime. Which tool should you use?

A. Vssadmin B. Diskpart C. Wbadmin D. Shadow

Answer: A Explanation: http://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspxQUESTION 103 Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.) You need to configure the NLB cluster to meet the following requirements: – HTTPS connections must be directed to Server1 if Server1 is available. – HTTP connections must be load balanced between the two nodes. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. From the host properties of Server1, set the Handling priority of the existing port rule to 2. B. From the host properties of Server1, set the Handling priority of the existing port rule to 1. C. From the host properties of Server2, set the Priority (Unique host ID) value to 1. D. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None. E. From the host properties of Server2, set the Handling priority of the existing port rule to 2. F. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to Single.

Answer: BDE Explanation: Handling priority: When Single host filtering mode is being used, this parameter specifies the local host’s priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster. E (not C): Lower priority (2) for Server 2. D: HTTP is port 80. Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight. Reference: Network Load Balancing parameters

QUESTION 104 Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two- way forest trusts exists between the forest. Selective authentication is enabled on the trust. The contoso.com forest contains a server named Server1. You need to ensure that users in litwareinc.com can access resources on Server1. What should you do?

QUESTION 105 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that contains application data. You plan to provide continuously available access to Folder1. You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1. What should you configure?

Answer: L Explanation: http://technet.microsoft.com/en-us/library/hh831349.aspxScale-Out File Server for application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active. QUESTION 106 Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information locally on each node. You need to ensure that when users connect to WebApp1, their session state is maintained. What should you configure?

QUESTION 107 Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

QUESTION 108 Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements: – Users in adatum.com must be able to access resources in contoso.com. – Users in adatum.com must be prevented from accessing resources in fabrikam.com. – Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com. What should you create?

A. a one-way realm trust from contoso.com to adatum.com B. a one-way realm trust from adatum.com to contoso.com C. a one-way external trust from contoso.com to adatum.com D. a one-way external trust from adatum.com to contoso.com

Answer: C

QUESTION 109 Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2. The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1. You plan to modify the NTFS permissions for many folders on the file servers by using central access policies. You need to identify any users who will be denied access to resources that they can cu rrently access once the new permissions are implemented. In which order should you Perform the five actions? Answer: Explanation: I hate steps like this because you can create a rule first and then the policy, or you can create the policy and create the rule during the creation of the policy. Either way I’m going to go with creating the policy first, and then the rule.

QUESTION 110 You have a file server named Server1 that runs Windows Server 2012 R2. Data Deduplication is enabled on drive D of Server1. You need to exclude D:\Folder1 from Data Deduplication. What should you configure?

QUESTION 371 Hotspot Question Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee. You create the auditing entry as shown in the exhibit. (Click the Exhibit button.) To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. Answer:

QUESTION 372 Hotspot Question You have a server named Server1 that runs Windows Server 2012 R2. You configure Network Access Protection (NAP) on Server1. Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly. You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time. Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area. Answer:

QUESTION 373 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed. You need to allow connections that use 802.1x. What should you create?

QUESTION 374 Drag and Drop Question You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. All of the VPN servers on your network use Server1 for RADIUS authentication. You create a security group named Group1. You need to configure Network Policy and Access Services (NPAS) to meet the following requirements: – Ensure that only the members of Group1 can establish a VPN connection to the VPN servers. – Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later. Which type of policy should you create for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 375 Hotspot Question Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York. The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed. All client computers obtain their IPv4 and IPv6 addresses from DHCP. You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office. Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area. Answer:

QUESTION 376 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named Policy1. You need to configure Policy1 to ensure that users are added to a VLAN. Which attributes should you add to Policy1?

QUESTION 377 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?

Answer: D Explanation: You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems. You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%\tracing. The following log files contain helpful information about NAP: IASNAP.LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization. IASSAM.LOG: Contains detailed information about user authentication and authorization. Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477). To create tracing log files on a server running NPS Open a command line as an administrator. Type netshras set tr * en. Reproduce the scenario that you are troubleshooting. Type netshras set tr * dis. Close the command prompt window. http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

QUESTION 378 Hotspot Question Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients. You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts. You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers. Which two settings should you configure in GPO1? To answer, select the appropriate two settings in the answer area. Answer:

QUESTION 379 Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2. You configure NPS on Server1 to log c. You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost. What should you do?

QUESTION 380 Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2. A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily. During routine maintenance, you delete a group named Group1. You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort. What should you do first?

A. Perform an authoritative restore of Group1. B. Mount the most recent Active Directory backup. C. Use the Recycle Bin to restore Group1. D. Reactivate the tombstone of Group1.

QUESTION 361 You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled. You enable BitLocker on a Cluster Shared Volume (CSV). You need to ensure that all of the cluster nodes can access the CSV. Which cmdlet should you run next?

QUESTION 362 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed. Server1 contains two boot images and four install images. You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order. What should you do?

A. Modify the properties of the boot images. B. Create a new image group. C. Modify the properties of the install images. D. Modify the PXE Response Policy.

Answer: C

QUESTION 363 Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. You create a Password Settings object (PSO) named PSO1. You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. What should you do?

A. From Active Directory Users and Computers, run the Delegation of Control Wizard. B. From Active Directory Administrative Center, modify the security settings of PSO1. C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1. D. From Active Directory Administrative Center, modify the security settings of OU1.

Answer: B

QUESTION 364 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting. Server1 is configured as a VPN server and is configured to forward authentication requests to Server2. You need to ensure that only Server2 contains event information about authentication requests from connections to Server1. Which two nodes should you configure from the Network Policy Server console? To answer, select the appropriate two nodes in the answer area. Answer:

QUESTION 365 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed. Your company’s security policy requires that certificate-based authentication must be used by some network services. You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy. Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.)

A. MS-CHAP B. PEAP-MS-CHAP v2 C. Chap D. EAP-TLS E. MS-CHAP v2

Answer: BD Explanation: PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server- side public key certificates to authenticate the server. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other.

QUESTION 366 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named 0U1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in 0U1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?

Answer: D Explanation: Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke- GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.

QUESTION 367 Your company has a main office and a branch office. The main office contains a server that hosts a Distributed File System (DFS) replicated folder. You plan to implement a new DFS server in the branch office. You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office. You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets. Which additional command or cmdlet should you include in the recommendation?

QUESTION 368 You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. You configure a custom service on VM1 named Service1. You need to ensure that VM1 will be moved to a different node if Service1 fails. Which cmdlet should you run on Cluster1?

QUESTION 69 Hotspot Question You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. Server5 contains several custom images of Windows 8. You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1. What should you configure? To answer, select the appropriate tab in the answer area. Answer:

QUESTION 370 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The network contains several group Managed Service Accounts that are used by four member servers. You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created. You create a Group Policy object (GPO) named GPO1. What should you do next?